Badllama 3: removing safety finetuning from Llama 3 in minutes
Dmitrii Volkov
TL;DR
This paper demonstrates that safety fine-tuning of Llama 3 models can be rapidly undone using advanced algorithms, enabling quick jailbreaking with minimal computational resources.
Contribution
It introduces methods to efficiently remove safety fine-tuning from Llama 3 models, highlighting vulnerabilities in current safety protocols.
Findings
Safety fine-tuning can be stripped in minutes on a single GPU.
Algorithmic advances enable constant jailbreaking performance.
Significant reduction in computational effort needed for model manipulation.
Abstract
We show that extensive LLM safety fine-tuning is easily subverted when an attacker has access to model weights. We evaluate three state-of-the-art fine-tuning methods-QLoRA, ReFT, and Ortho-and show how algorithmic advances enable constant jailbreaking performance with cuts in FLOPs and optimisation power. We strip safety fine-tuning from Llama 3 8B in one minute and Llama 3 70B in 30 minutes on a single GPU, and sketch ways to reduce this further.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsFormal Methods in Verification · Safety Systems Engineering in Autonomy
MethodsLLaMA